Tailscale
Tailscale is a super-simple VPN that is easy to set up, and works well with BYOC satellites. This page documents the required configuration within Tailscale to enable BYOC.
Requirements
- Configure a subnet router to provide access to satellites for users on the VPN. This is required because satellites never join a VPN directly, and may change IP/DNS addresses frequently. 
- Configure Restricted Nameservers (Split DNS) to resolve custom DNS names, as required by your cloud provider. 
- If you are running Earthly from within a Kubernetes pod, or GHA runner; you may need to make use of the userspace networking mode. - When using userspace networking, you need to add a Global nameserver to your DNS settings. 
 
Because network configuration can vary wildly across organizations and cloud providers, we've provided some further general guidance below.
AWS
- Step-by-step instructions to configure a subnet router in AWS - If you have multiple cloud installations sharing a single subnet, the single subnet router can be shared. 
 
- It is required to add a Split DNS entry for the - <aws-region>.compute.internalTLD, because Earthly uses the AWS internal DNS addresses to resolve satellites. To do this:- Open the DNS page in your Tailscale admin panel, find the "Nameservers" section, and click on "Add Nameserver" -> "Custom".  
- In the modal that appears, use: - x.x.0.2as the nameserver address, where- xis corresponds to the CIDR block allocated to your VPC.
- Check the box for "Restrict to domain" to enable Split DNS. 
- Add - <aws-region>.compute.internalas the Domain, where- <aws-region>corresponds to the region the subnet router is installed in. This option appears once the "Restrict to domain" option is toggled. 
 
 
Last updated
Was this helpful?
